DivestOS/Patches/LineageOS-18.1/android_bionic/0002-Graphene_Bionic_Hardening-3.patch

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Daniel Micay <danielmicay@gmail.com>
Date: Mon, 4 Mar 2019 04:26:04 -0500
Subject: [PATCH] use blocking getrandom and avoid urandom fallback

Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
---
 libc/bionic/getentropy.cpp | 26 ++------------------------
 1 file changed, 2 insertions(+), 24 deletions(-)

diff --git a/libc/bionic/getentropy.cpp b/libc/bionic/getentropy.cpp
index 9c93e713b..9b4085267 100644
--- a/libc/bionic/getentropy.cpp
+++ b/libc/bionic/getentropy.cpp
@@ -33,22 +33,6 @@
 
 #include "private/ScopedFd.h"
 
-static int getentropy_urandom(void* buffer, size_t buffer_size, int saved_errno) {
-  ScopedFd fd(TEMP_FAILURE_RETRY(open("/dev/urandom", O_RDONLY | O_NOFOLLOW | O_CLOEXEC, 0)));
-  if (fd.get() == -1) return -1;
-
-  size_t collected = 0;
-  while (collected < buffer_size) {
-    ssize_t count = TEMP_FAILURE_RETRY(read(fd.get(), static_cast<char*>(buffer) + collected,
-                                            buffer_size - collected));
-    if (count == -1) return -1;
-    collected += count;
-  }
-
-  errno = saved_errno;
-  return 0;
-}
-
 int getentropy(void* buffer, size_t buffer_size) {
   if (buffer_size > 256) {
     errno = EIO;
@@ -60,15 +44,9 @@ int getentropy(void* buffer, size_t buffer_size) {
   size_t collected = 0;
   while (collected < buffer_size) {
     long count = TEMP_FAILURE_RETRY(getrandom(static_cast<char*>(buffer) + collected,
-                                              buffer_size - collected, GRND_NONBLOCK));
+                                              buffer_size - collected, 0));
     if (count == -1) {
-      // EAGAIN: there isn't enough entropy right now.
-      // ENOSYS/EINVAL: getrandom(2) or GRND_NONBLOCK isn't supported.
-      // EFAULT: `buffer` is invalid.
-      // Try /dev/urandom regardless because it can't hurt,
-      // and we don't need to optimize the EFAULT case.
-      // See http://b/33059407 and http://b/67015565.
-      return getentropy_urandom(buffer, buffer_size, saved_errno);
+      return -1;
     }
     collected += count;
   }
Churn Signed-off-by: Tad <tad@spotco.us> 2022-03-15 21:07:25 +00:00			`From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001`
Add bionic hardening patchsets from GrapheneOS 11 https://github.com/GrapheneOS/platform_system_core/commit/b3a0c2c5db28852b6d485542c8a4f1649a256892 11 https://github.com/GrapheneOS/platform_bionic/commit/5412c371955014eee8b2246b386ae7f539bac09e #explicit zero 11 https://github.com/GrapheneOS/platform_bionic/commit/31456ac632903235e14500af8b5d7dff2d25d724 #brk 11 https://github.com/GrapheneOS/platform_bionic/commit/58ebc243ea3085056e6aba765d879807fa1a46d6 #random 11 https://github.com/GrapheneOS/platform_bionic/commit/5323b39f7ec1fce2d788f1c8a2c28cfd32d5ccc4 #undefined 11 https://github.com/GrapheneOS/platform_bionic/commit/6a91d9dddb01964134e50cc73f6f158706da800a #merge 11 https://github.com/GrapheneOS/platform_bionic/commit/a042b5a0bada9933b7c488003e8f9d8d0d195525 #vla formatting 11 https://github.com/GrapheneOS/platform_bionic/commit/9ec639de1bec2f655bdfc0750e363a6f8de31c4a #pthread 11 https://github.com/GrapheneOS/platform_bionic/commit/49571a0a496539b9af763b8ef30c5b5db57c8be7 #read only 11 https://github.com/GrapheneOS/platform_bionic/commit/149cc5ccb870640b2536b6bd5dfa1292f9dd6178 #zero 11 https://github.com/GrapheneOS/platform_bionic/commit/2e613ccbe7a6b2aa8f1688ed8493267d12c66d23 #fork mmap 11 https://github.com/GrapheneOS/platform_bionic/commit/e239c7dff88bbc37a3e902a695565fdbf6ed0b08 #memprot pthread 11 https://github.com/GrapheneOS/platform_bionic/commit/0b03d92b7f2dc5f12211037e99821ccead27a687 #xor 11 https://github.com/GrapheneOS/platform_bionic/commit/de08419b8256ab7daf6ef7c7835348f9aaeb7478 #junk 11 https://github.com/GrapheneOS/platform_bionic/commit/897d4903e24c9f6b772539e9f8e0bf3520ed8838 #guard 11 https://github.com/GrapheneOS/platform_bionic/commit/648cd68ca3ffefe685ae6acdae17171c8acfa75b #ptrhread guard 11 https://github.com/GrapheneOS/platform_bionic/commit/0bc4dbcbd27c7f48713913101fb3c868c215c1a3 #stack rand 10 https://github.com/GrapheneOS/platform_system_core/commit/aa9cc05d07a5855fcae2d9f21dd9672543eafbb3 10 https://github.com/GrapheneOS/platform_bionic/commit/a8cdbb6352e4ff708b791c7f3a976de8a6383105 #explicit zero 10 https://github.com/GrapheneOS/platform_bionic/commit/b28302c668013a5588a6939f0bbced0b7b288cc2 #brk 10 https://github.com/GrapheneOS/platform_bionic/commit/9f8be7d07cc063933f8def97672c7671dd4fc360 #random 10 https://github.com/GrapheneOS/platform_bionic/commit/cb91a7ee3aed607dab2d89f2f6b823bf28ea34a0 #undefined 10 https://github.com/GrapheneOS/platform_bionic/commit/08279e2fdd75d20ede2a56c326604f426557cea4 #merge 10 https://github.com/GrapheneOS/platform_bionic/commit/6a18bd565d9344db5f46f2bb423309dcb134be6e #vla formatting 10 https://github.com/GrapheneOS/platform_bionic/commit/2f392c2d081fad13f61164ab07841818b972f950 #pthread 10 https://github.com/GrapheneOS/platform_bionic/commit/8bbce1bc50f7b0fb210de3ef160542bbb08cdcc0 #read only 10 https://github.com/GrapheneOS/platform_bionic/commit/725f61db82eb41098291ce06445ccfbf5d5b3581 #zero 10 https://github.com/GrapheneOS/platform_bionic/commit/4cd257135f72ceb7ddd32538d2ba579736bf7a12 #fork mmap 10 https://github.com/GrapheneOS/platform_bionic/commit/9220cf622bab1099cbff937d88aa7ce2809bb9d4 #memprot pthread 10 https://github.com/GrapheneOS/platform_bionic/commit/8ef71d1ffd51664bc8d61fd029efa899a87ddc30 #memprot exit 10 https://github.com/GrapheneOS/platform_bionic/commit/0eaef1abbdcbf40c990fcba1bd91401bdd38a9c5 #xor 10 https://github.com/GrapheneOS/platform_bionic/commit/64f1cc2148c1834212f6704ba08b626696501271 #junk 10 https://github.com/GrapheneOS/platform_bionic/commit/5c42a527cf958ca3c81613178618d452e806994f #guard 10 https://github.com/GrapheneOS/platform_bionic/commit/5cc8c34e60dbfeb1fd996bf83bb01a0443d93a8a #pthread guard 10 https://github.com/GrapheneOS/platform_bionic/commit/7f61cc8a1c9abd04094a96959f242b7906fa3127 #stack rand 9 https://github.com/GrapheneOS/platform_system_core/commit/abdf523d26450814fc3f5c211f3baa643c48bae3 9 https://github.com/GrapheneOS/platform_bionic/commit/e4b9b31e6f9ff7eb9d168db6a99a775bf4f669c1 #explicit zero 9 https://github.com/GrapheneOS/platform_bionic/commit/a3a22a63d2cf265d5edc8cf613484e13fd03e19d #brk 9 https://github.com/GrapheneOS/platform_bionic/commit/7444dbc3cf11285fb94d5d00913016afd7b0dff2 #random 9 https://github.com/GrapheneOS/platform_bionic/commit/dcd3b72ac9cac79d4322a17be150c46f65ffb3cd #undefined 9 https://github.com/GrapheneOS/platform_bionic/commit/543e1df342cdd8720ce967d990ca28a2b9c26af2 #merge 9 https://github.com/GrapheneOS/platform_bionic/commit/611e5691f7e48aba8529e49b22885021f322b31e #vla formatting 9 https://github.com/GrapheneOS/platform_bionic/commit/8de97ce864cc781d077160a8efd4902d4338078c #pthread 9 https://github.com/GrapheneOS/platform_bionic/commit/a47571704245e5514795f35bbcffdb8a533e738a #read only 9 https://github.com/GrapheneOS/platform_bionic/commit/7f0947cc0e4fc52a41ef8ecfba892f5534e1fee5 #zero 9 https://github.com/GrapheneOS/platform_bionic/commit/e9751d3370aa44e6ca77843f7c7a7aac67e5bcc0 #fork mmap 9 https://github.com/GrapheneOS/platform_bionic/commit/83cd86d0d522c64726dac41614c00f2534044f73 #memprot pthread 9 https://github.com/GrapheneOS/platform_bionic/commit/1ebb1654556ed74d63e43fe7dbbceae5b20f569f #memprot exit 9 https://github.com/GrapheneOS/platform_bionic/commit/488ba483cf9ad195fda33b3250115a308bf03f75 #xor 9 https://github.com/GrapheneOS/platform_bionic/commit/f9351d884bddaf126a8fc45c8cb14e7ca2cf463b #junk 9 https://github.com/GrapheneOS/platform_bionic/commit/85e5bca0a525a1cb8142aa092286ae3424983dd5 #move Signed-off-by: Tad <tad@spotco.us> 2022-03-15 20:34:57 +00:00			`From: Daniel Micay <danielmicay@gmail.com>`
			`Date: Mon, 4 Mar 2019 04:26:04 -0500`
			`Subject: [PATCH] use blocking getrandom and avoid urandom fallback`

			`Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>`
			`---`
			`libc/bionic/getentropy.cpp \| 26 ++------------------------`
			`1 file changed, 2 insertions(+), 24 deletions(-)`

			`diff --git a/libc/bionic/getentropy.cpp b/libc/bionic/getentropy.cpp`
Churn Signed-off-by: Tad <tad@spotco.us> 2022-03-15 21:07:25 +00:00			`index 9c93e713b..9b4085267 100644`
Add bionic hardening patchsets from GrapheneOS 11 https://github.com/GrapheneOS/platform_system_core/commit/b3a0c2c5db28852b6d485542c8a4f1649a256892 11 https://github.com/GrapheneOS/platform_bionic/commit/5412c371955014eee8b2246b386ae7f539bac09e #explicit zero 11 https://github.com/GrapheneOS/platform_bionic/commit/31456ac632903235e14500af8b5d7dff2d25d724 #brk 11 https://github.com/GrapheneOS/platform_bionic/commit/58ebc243ea3085056e6aba765d879807fa1a46d6 #random 11 https://github.com/GrapheneOS/platform_bionic/commit/5323b39f7ec1fce2d788f1c8a2c28cfd32d5ccc4 #undefined 11 https://github.com/GrapheneOS/platform_bionic/commit/6a91d9dddb01964134e50cc73f6f158706da800a #merge 11 https://github.com/GrapheneOS/platform_bionic/commit/a042b5a0bada9933b7c488003e8f9d8d0d195525 #vla formatting 11 https://github.com/GrapheneOS/platform_bionic/commit/9ec639de1bec2f655bdfc0750e363a6f8de31c4a #pthread 11 https://github.com/GrapheneOS/platform_bionic/commit/49571a0a496539b9af763b8ef30c5b5db57c8be7 #read only 11 https://github.com/GrapheneOS/platform_bionic/commit/149cc5ccb870640b2536b6bd5dfa1292f9dd6178 #zero 11 https://github.com/GrapheneOS/platform_bionic/commit/2e613ccbe7a6b2aa8f1688ed8493267d12c66d23 #fork mmap 11 https://github.com/GrapheneOS/platform_bionic/commit/e239c7dff88bbc37a3e902a695565fdbf6ed0b08 #memprot pthread 11 https://github.com/GrapheneOS/platform_bionic/commit/0b03d92b7f2dc5f12211037e99821ccead27a687 #xor 11 https://github.com/GrapheneOS/platform_bionic/commit/de08419b8256ab7daf6ef7c7835348f9aaeb7478 #junk 11 https://github.com/GrapheneOS/platform_bionic/commit/897d4903e24c9f6b772539e9f8e0bf3520ed8838 #guard 11 https://github.com/GrapheneOS/platform_bionic/commit/648cd68ca3ffefe685ae6acdae17171c8acfa75b #ptrhread guard 11 https://github.com/GrapheneOS/platform_bionic/commit/0bc4dbcbd27c7f48713913101fb3c868c215c1a3 #stack rand 10 https://github.com/GrapheneOS/platform_system_core/commit/aa9cc05d07a5855fcae2d9f21dd9672543eafbb3 10 https://github.com/GrapheneOS/platform_bionic/commit/a8cdbb6352e4ff708b791c7f3a976de8a6383105 #explicit zero 10 https://github.com/GrapheneOS/platform_bionic/commit/b28302c668013a5588a6939f0bbced0b7b288cc2 #brk 10 https://github.com/GrapheneOS/platform_bionic/commit/9f8be7d07cc063933f8def97672c7671dd4fc360 #random 10 https://github.com/GrapheneOS/platform_bionic/commit/cb91a7ee3aed607dab2d89f2f6b823bf28ea34a0 #undefined 10 https://github.com/GrapheneOS/platform_bionic/commit/08279e2fdd75d20ede2a56c326604f426557cea4 #merge 10 https://github.com/GrapheneOS/platform_bionic/commit/6a18bd565d9344db5f46f2bb423309dcb134be6e #vla formatting 10 https://github.com/GrapheneOS/platform_bionic/commit/2f392c2d081fad13f61164ab07841818b972f950 #pthread 10 https://github.com/GrapheneOS/platform_bionic/commit/8bbce1bc50f7b0fb210de3ef160542bbb08cdcc0 #read only 10 https://github.com/GrapheneOS/platform_bionic/commit/725f61db82eb41098291ce06445ccfbf5d5b3581 #zero 10 https://github.com/GrapheneOS/platform_bionic/commit/4cd257135f72ceb7ddd32538d2ba579736bf7a12 #fork mmap 10 https://github.com/GrapheneOS/platform_bionic/commit/9220cf622bab1099cbff937d88aa7ce2809bb9d4 #memprot pthread 10 https://github.com/GrapheneOS/platform_bionic/commit/8ef71d1ffd51664bc8d61fd029efa899a87ddc30 #memprot exit 10 https://github.com/GrapheneOS/platform_bionic/commit/0eaef1abbdcbf40c990fcba1bd91401bdd38a9c5 #xor 10 https://github.com/GrapheneOS/platform_bionic/commit/64f1cc2148c1834212f6704ba08b626696501271 #junk 10 https://github.com/GrapheneOS/platform_bionic/commit/5c42a527cf958ca3c81613178618d452e806994f #guard 10 https://github.com/GrapheneOS/platform_bionic/commit/5cc8c34e60dbfeb1fd996bf83bb01a0443d93a8a #pthread guard 10 https://github.com/GrapheneOS/platform_bionic/commit/7f61cc8a1c9abd04094a96959f242b7906fa3127 #stack rand 9 https://github.com/GrapheneOS/platform_system_core/commit/abdf523d26450814fc3f5c211f3baa643c48bae3 9 https://github.com/GrapheneOS/platform_bionic/commit/e4b9b31e6f9ff7eb9d168db6a99a775bf4f669c1 #explicit zero 9 https://github.com/GrapheneOS/platform_bionic/commit/a3a22a63d2cf265d5edc8cf613484e13fd03e19d #brk 9 https://github.com/GrapheneOS/platform_bionic/commit/7444dbc3cf11285fb94d5d00913016afd7b0dff2 #random 9 https://github.com/GrapheneOS/platform_bionic/commit/dcd3b72ac9cac79d4322a17be150c46f65ffb3cd #undefined 9 https://github.com/GrapheneOS/platform_bionic/commit/543e1df342cdd8720ce967d990ca28a2b9c26af2 #merge 9 https://github.com/GrapheneOS/platform_bionic/commit/611e5691f7e48aba8529e49b22885021f322b31e #vla formatting 9 https://github.com/GrapheneOS/platform_bionic/commit/8de97ce864cc781d077160a8efd4902d4338078c #pthread 9 https://github.com/GrapheneOS/platform_bionic/commit/a47571704245e5514795f35bbcffdb8a533e738a #read only 9 https://github.com/GrapheneOS/platform_bionic/commit/7f0947cc0e4fc52a41ef8ecfba892f5534e1fee5 #zero 9 https://github.com/GrapheneOS/platform_bionic/commit/e9751d3370aa44e6ca77843f7c7a7aac67e5bcc0 #fork mmap 9 https://github.com/GrapheneOS/platform_bionic/commit/83cd86d0d522c64726dac41614c00f2534044f73 #memprot pthread 9 https://github.com/GrapheneOS/platform_bionic/commit/1ebb1654556ed74d63e43fe7dbbceae5b20f569f #memprot exit 9 https://github.com/GrapheneOS/platform_bionic/commit/488ba483cf9ad195fda33b3250115a308bf03f75 #xor 9 https://github.com/GrapheneOS/platform_bionic/commit/f9351d884bddaf126a8fc45c8cb14e7ca2cf463b #junk 9 https://github.com/GrapheneOS/platform_bionic/commit/85e5bca0a525a1cb8142aa092286ae3424983dd5 #move Signed-off-by: Tad <tad@spotco.us> 2022-03-15 20:34:57 +00:00			`--- a/libc/bionic/getentropy.cpp`
			`+++ b/libc/bionic/getentropy.cpp`
			`@@ -33,22 +33,6 @@`

			`#include "private/ScopedFd.h"`

			`-static int getentropy_urandom(void* buffer, size_t buffer_size, int saved_errno) {`
			`- ScopedFd fd(TEMP_FAILURE_RETRY(open("/dev/urandom", O_RDONLY \| O_NOFOLLOW \| O_CLOEXEC, 0)));`
			`- if (fd.get() == -1) return -1;`
			`-`
			`- size_t collected = 0;`
			`- while (collected < buffer_size) {`
			`- ssize_t count = TEMP_FAILURE_RETRY(read(fd.get(), static_cast<char*>(buffer) + collected,`
			`- buffer_size - collected));`
			`- if (count == -1) return -1;`
			`- collected += count;`
			`- }`
			`-`
			`- errno = saved_errno;`
			`- return 0;`
			`-}`
			`-`
			`int getentropy(void* buffer, size_t buffer_size) {`
			`if (buffer_size > 256) {`
			`errno = EIO;`
			`@@ -60,15 +44,9 @@ int getentropy(void* buffer, size_t buffer_size) {`
			`size_t collected = 0;`
			`while (collected < buffer_size) {`
			`long count = TEMP_FAILURE_RETRY(getrandom(static_cast<char*>(buffer) + collected,`
			`- buffer_size - collected, GRND_NONBLOCK));`
			`+ buffer_size - collected, 0));`
			`if (count == -1) {`
			`- // EAGAIN: there isn't enough entropy right now.`
			`- // ENOSYS/EINVAL: getrandom(2) or GRND_NONBLOCK isn't supported.`
			- // EFAULT: `buffer` is invalid.
			`- // Try /dev/urandom regardless because it can't hurt,`
			`- // and we don't need to optimize the EFAULT case.`
			`- // See http://b/33059407 and http://b/67015565.`
			`- return getentropy_urandom(buffer, buffer_size, saved_errno);`
			`+ return -1;`
			`}`
			`collected += count;`
			`}`